Information Security Analyst - SC Cleared at Cabinet Office, Manchester/Remote, 6 Months, £Contract Rate

  • Contract Spy
  • Hybrid (Manchester, UK)
  • Sep 25, 2024
6 Months or more Information Technology

Contract Description

The Cabinet Office supports the Prime Minister and ensures the effective running of government. The Cabinet Office is also the corporate headquarters for the government, in partnership with HM Treasury, and takes the lead in certain critical policy areas. More information about the Cabinet Office can be found on its website at: www.gov.uk/government/organisations/cabinet-office

Please note: This role requires active SC clearance. Candidates must be eligible/willing to undergo SC screening as a minimum.
 
Description
 
Reporting to the Cyber Transformation Manager, the post holder will be responsible for leading on cyber and information security risk assessments across the Department and its Business Units. The assessments include understanding the Department's alignment to the NCSC Cyber Assessment Framework (CAF) and the related HMG standards.

The post holder will work within a cyber transformation programme but alongside the Central Cyber and Information Security team in delivering against agreed deadlines whilst maintaining all aspects of information security risk management.

Responsibilities

  • Support the Information Security and Assurance Manager in delivering the Information Security
  • Support continuous improvement for information security practices and engagement.
  • Evaluate and assess cyber security controls across the business engineering practices and its third party vendors to ensure compliance with the NCSC CAF.
  • Conduct comprehensive risk assessments using the NCSC CAF.
  • Collaborate with cross-functional teams to develop and implement risk management activities.
  • Use risk management techniques to identify cyber threats, risks and issues in a timely manner.
  • Be proficient in threat modelling methods and familiar with tooling practices in threat modelling.
  • Support the creation and maintenance of security policies, guidance and standards.
  • Support the creation and collection of metrics, validation of security control performance and the identification of emerging cyber risks.
  • Manage actions and output generated by stakeholder engagements; for example customers, regulators, internal and external auditors.
  • Maintain currency with emerging security trends, threat intelligence, industry standards and good practice, and security enhancing technologies.

Essential Skills, Knowledge & Experience

  • Sound knowledge of and experience in an Information Security role.
  • Experience working in a professional services environment.
  • Hands-on experience conducting cyber risk assessments and developing cyber risk mitigation strategies.
  • Hands-on experience conducting cyber security control assessments.
  • Hands-on knowledge and experience working with recognised security frameworks such as NCSC CAF, ISO27001 etc.
  • Strong interpersonal and communication skills (written and verbal), with the ability to interact with technical and non-technical stakeholders at all levels.
  • Knowledge of Google and Microsoft technologies beneficial.
  • Awareness of systems management practices and operational support tools would be beneficial.
  • Acknowledges and responds positively to exceptional events in information security to meet the objectives of the business.

Required Disciplines

Business need:

  • The ability to elicit security requirements that support the overall business need based on straightforward analysis
  • The ability to directly map between security requirement and business need
  • Clear understanding that security must support organisational priorities and needs

Security direction and governance:

  • Their understanding, support of and participation in enabling organisational cyber security governance
  • The ability to communicate risk and security concepts effectively in accessible ways that can be clearly understood by business leaders or their delegated representatives

Risk assessment:

  • Sound understanding and evidence of application of the fundamental principles of risk assessment
  • Experience of delivering, or enabling the delivery of, comprehensive risk assessments using suitable risk assessment methodologies in common scenarios with an awareness of the strengths and weaknesses of the chosen approach
  • The impact of risk realisation is well understood in business terms
  • Understanding the need to take both a top-down view of risk as well as more traditional component-based risk assessment activity
  • Clear explanation of any threat assumptions made and the use of sources of information to illuminate their threat assumptions
  • The ability to determine and understand the security characteristics of a system to understand actual or potential vulnerabilities
  • How they 'combine' all the components of risk to arrive at a meaningful assessment and articulation of risk

Risk treatment:

  • Understanding of how the output of the risk assessment dovetails into risk treatment and that there is traceability between the most significant identified risks and the measures designed to manage those risks effectively
  • The ability to provide contextualised security advice appropriate to the overall business need delivered with awareness of the sector or environment within which the candidate operates
  • Competence and understanding in some technology areas relevant to cyber security in the scenarios or sectors in which they have experience
  • An understanding that risks cannot always be fully mitigated
  • A clear understanding of options such as risk acceptance or transference as well as risk reduction and the role of technical, physical, personnel and procedural controls as a through-life activity

Assurance:

  • Understanding of the provision of through-life assurance at a service/system as well as component level
  • The ability to apply different assurance approaches with clear understanding of the pros and cons of each.
 
Please be aware that this role can only be worked within the UK and not Overseas.

Disability Confident

As a member of the Disability Confident Scheme, The Cabinet Office guarantees to interview all candidates who have a disability and who meet all the essential criteria for the vacancy. In cases where we have a high volume of candidates who have a disability who meet all the essential criteria, we will interview the best candidates from within that group. This scheme encourages candidates with a disability and/or neurodivergence to apply.

Armed Forces Covenant

The Cabinet Office guarantees to interview veterans or spouses / partners of military personnel who meet all the essential criteria for the vacancy. In cases where we have a high volume of ex-military candidates / military spouses or partners, who meet all of the essential criteria, we will interview the best candidates from within that group.

In applying for this role, you acknowledge the following: this role falls in scope of the Off Payroll Working in the Public Sector legislation. Any rates of payment quoted will reflect the gross rate per day for the assignment and will be subject to appropriate taxes and statutory costs. As such the payment to the intermediary and your income resulting from this contract will be different.